Information Security Policy

Last Updated: Jan 2, 2025

1. Purpose

This policy establishes the information security framework for InternHousingHub.com to ensure the confidentiality, integrity, and availability of data processed and stored on our systems, especially data shared by higher education institutions and student users.

2. Scope

This policy applies to all InternHousingHub.com systems, employees, contractors, and third parties who access or manage institutional or student data through our platform. It encompasses data collection, processing, transmission, and storage.

3. Data Classification

InternHousingHub.com classifies data into three categories:

  • Confidential: Personally Identifiable Information (PII), student housing details, and user account credentials.

  • Internal: Internal communications, system configurations, and non-public business operations.

  • Public: Marketing materials, blog posts, and general housing information available on the website.

Data handling procedures are tailored based on classification to ensure appropriate safeguards.

4. Access Control

  • Access to data is granted on the principle of least privilege.

  • Role-based access controls (RBAC) are enforced.

  • Multi-factor authentication (MFA) is required for all administrative access.

  • Access logs are maintained and reviewed regularly.

5. Data Security Measures

  • All data in transit is encrypted using TLS 1.2 or higher.

  • All sensitive data at rest is encrypted using AES-256 or equivalent.

  • Passwords are hashed using bcrypt.

  • Security patches and updates are applied regularly to all systems.

6. Physical Security

InternHousingHub.com is hosted on secure cloud infrastructure (e.g., AWS, Azure, or equivalent) with physical safeguards including:

  • 24/7 surveillance

  • Access badges

  • Biometric authentication for data center entry

No sensitive data is stored on employee or contractor devices unless encrypted and approved.

7. Vendor Management

  • Data-sharing agreements and Business Associate Agreements (BAAs) are maintained where applicable.

  • Vendors are required to meet or exceed our security standards.

8. Incident Response

  • A formal Incident Response Plan is in place and tested annually.

  • Incidents are logged and escalated according to severity.

  • Affected parties, including partner institutions, will be notified of breaches in accordance with applicable laws (e.g., FERPA, state breach notification laws).

9. Security Awareness Training

All employees and contractors undergo:

  • Monthly security awareness training

  • Phishing simulation exercises

10. Privacy Compliance

InternHousingHub.com complies with:

  • FERPA

  • GDPR (where applicable)

  • CCPA

  • Other relevant data protection regulations

We do not sell or share student data.

11. Data Retention & Disposal

  • Student data is retained only as long as necessary for operational or legal purposes.

  • Data disposal is conducted securely through data wiping or cryptographic erasure.

12. Risk Management

  • Annual risk assessments are performed.

  • Security vulnerabilities are remediated in accordance with their criticality (e.g., critical issues within 24 hours).

  • Penetration testing is conducted annually by a qualified third party.

13. Business Continuity & Disaster Recovery

  • Daily backups are taken and tested monthly.

  • A Business Continuity and Disaster Recovery (BC/DR) Plan is maintained and updated annually.

  • Recovery Time Objective (RTO): 4 hours

  • Recovery Point Objective (RPO): 1 hour

14. Governance

The Information Security Officer (ISO) oversees policy enforcement, security architecture, and compliance.
